A. Field of the Invention
The present invention relates to a method for authenticating a portable data carrier to a terminal device, and to an accordingly adapted data carrier and a terminal device.
B. Related Art
A portable data carrier, for example in the form of an electronic identity document, comprises an integrated circuit with a processor and a memory. In the memory there are stored data relating to a user of the data carrier. On the processor there can be executed an authentication application via which the data carrier can authenticate itself to a terminal device, for example at a border control or the like in the case of an identity document.
During such an authentication method, a secure data communication between the data carrier and the terminal device is prepared by agreeing on a secret communication key for symmetric encryption of the subsequent data communication, for example by means of the known key exchange method according to Diffie and Hellman, or other suitable methods. Further, at least the terminal normally verifies the authenticity of the data carrier, for example using a certificate.
For carrying out a method for agreeing on the secret communication key, it is necessary that the terminal as well as the data carrier respectively make available a secret key and a public key. The certificate of the data carrier can relate for example to its public key.
When each data carrier of a set or group of data carriers is personalized with an individual key pair consisting of a public key and a secret key, problems result with regard to the anonymity of the user of the data carrier. It would then be possible to associate each employment of the data carrier uniquely with the corresponding user, and in this way create a complete movement profile of the user, for example.
To take account of this aspect, it has been proposed to equip a plurality or group of data carriers respectively with an identical, so-called group key pair consisting of a public group key and a secret group key. This makes it possible to restore the anonymity of a user, at least within the group. This solution is disadvantageous in that if one of the data carriers of the group is compromised, the total group of data carriers must be replaced. If the secret group key of one of the data carriers of the group has been spied out, for example, none of the data carriers of the group can be securely used further. The effort and costs of a necessary replacement campaign can be huge.
The object of the present invention is to propose an authentication method that protects the anonymity of the user and wherein the compromising of one of the data carriers has no adverse effects on the security of other data carriers.
A method according to the invention for authenticating a portable data carrier to a terminal device employs a public key and a secret key of the data carrier as well as a public session key and a secret session key of the terminal device. The data carrier employs as a public key a public group key. As a secret key the data carrier employs a secret key that is derived from a secret group key associated with the public group key.
In the method according to the invention it is no longer necessary to store the secret group key in the data carrier. Therefore, this key cannot be spied out upon an attack on the data carrier. Secret session keys of other, non-attacked data carriers of a group of data carriers can be used further.
Tracking the data carrier using a public key individual to the data carrier is not possible, because no such thing is present in the data carrier. The public key employed is the public group key which is not individual to the data carrier, but is identical for all data carriers of the group. In this regard all data carriers of a group are indistinguishable. Thus, the anonymity of the user can be maintained.
Preferably, before a further execution of the authentication method the secret key of the data carrier is respectively replaced by a secret session key of the data carrier that is derived from the secret key. That is, the data carrier executes the authentication method with a different secret key upon each execution. The secret key of the data carrier is thus configured as a secret session key of the data carrier.
A session key is always understood within the framework of the present invention to be a key that is newly determined for each “session”, i.e. upon every carrying out of the authentication method here. Different session keys are normally different, i.e. the value of a session key in a first session differs from the value of the session key of a subsequent second session. It is not possible to infer a subsequently employed session key from an earlier one, or vice versa.
Therefore, it is equally impossible to track the user of the data carrier using the secret key of the data carrier. A secret key of the data carrier could also be used in another, known way, for example in a challenge-response method for authentication to a data processing device. However, since according to the present invention the secret key is a session key, i.e. has a different value upon each use, the identity of the data carrier cannot be inferred from the secret key alone. Thus, the anonymity of the user can also be maintained in this regard.
A portable data carrier according to the invention comprises a processor, a memory and a data communication interface to a terminal device, as well as an authentication device. The latter is adapted to carry out an authentication to a terminal device while employing a public key and a secret key of the data carrier as well as a public session key and a secret session key of the terminal device. The authentication device is further adapted to respectively replace the secret key of the data carrier by a secret session key of the data carrier that is derived from the secret key. In this way it is possible, as described, for each carrying out of the authentication method to be effected with a session-specific secret key of the data carrier.
A terminal device according to the invention for data communication with a portable data carrier according to the invention is adapted to carry out an authentication to a portable data carrier while employing a public key and a secret key of the data carrier as well as a public session key and a secret session key of the terminal device.
A system according to the invention comprises a data carrier according to the invention as well as a terminal device according to the invention. These are respectively adapted to carry out an authentication method according to the invention.
Within the framework of the method, a communication key is agreed on between the data carrier and the terminal device by means of the public group key and the secret key of the data carrier as well as the public session key and the secret session key of the terminal device. This communication key is then available only to these two parties. In this sense it is a secret communication key. Such a key agreement can be effected for example by means of a Diffie-Hellman key exchange method. Other, comparable methods can likewise be used. Agreeing on the communication key can be regarded as a form of implicit authentication between the data carrier and the terminal device. If a subsequent data communication encrypted by means of the agreed on communication key can be effected between the data carrier and the terminal device successfully for both sides, one party is respectively considered by the other party to be successfully authenticated.
Preferably, the public group key employed as a public key of the data carrier is verified by the terminal device by means of a certificate of the public group key. For this purpose, the corresponding certificate can be made available to the terminal device by the data carrier in suitable fashion. The data carrier can send the certificate to the terminal device, for example. It is also possible to hold the certificate in a freely readable memory area of the data carrier. The step of verifying the certificate can be regarded as part of an authentication method wherein the data carrier identifies itself to the terminal device by means of the certificate. In this way the data carrier can be authenticated as a data carrier of the group that is associated with the group key pair, but cannot be tracked using a certificate individual to the data carrier, since no such certificate is provided according to the invention. Only the certificate of the public group key, which certificate is identical for all data carriers of the group, is stored on the data carrier, thereby maintaining the anonymity of the user of the data carrier in this regard as well.
In the same way, the terminal can identify itself to the data carrier by means of a similar certificate.
Preferably, the secret key of the data carrier is derived from the secret group key while employing a first random number. For this purpose, there can be employed any suitable operation that can take up as input data—inter alia—the secret group key as well as the first random number and process them into the secret key individual to the data carrier. For example, there can be used mathematical operations, such as multiplication, exponentiation or the like. Deriving the secret key from the secret group key can be effected for example during the manufacture of the data carrier, e.g. in the personalization phase. The secret key of the data carrier is then stored in the data carrier. The public group key and the certificate relating to this key can also be incorporated into the data carrier in this phase.
The secret session key of the data carrier which respectively replaces the current secret key of the data carrier after an execution of the authentication method can be derived from the current secret key in different ways. The derivation is effected in the data carrier. Since the original secret key has been derived from the secret group key, and each session key of the data carrier is derived from the respective current secret key of the data carrier—which it then replaces—each session key of the data carrier is also derived indirectly from the secret group key. However, it is not possible to infer the secret group key from a secret session key of the data carrier.
A replacing of the secret key by the derived secret session key of the data carrier can be effected for example such that the secret key is “overwritten” by the derived session key, i.e. the secret key assumes the value of the derived session key. The preceding value of the secret key is deleted. That is, the data carrier always has the secret key that is employed in the method according to the invention. However, the value of the secret key changes between two executions of the method. The data carrier thus respectively has a session-specific secret key.
The derivation of the secret session key from the current secret key is effected on the basis of a session parameter.
According to a first embodiment, the secret session key of the data carrier can be derived from the secret key while employing a random number. That is, the random number represents the session parameter. In so doing, a new random number is respectively employed for each derivation of a session key of the data carrier. The random number can be generated in the data carrier. After the deriving, the random number is deleted. This makes it impossible to infer from the derived session key the secret key employed for the derivation.
According to an alternative embodiment, the session parameter can be determined in dependence on a value made available by the terminal device. This value can assume for example the form of a public sector key of the terminal device and be made available to the data carrier after an authentication has been effected between data carrier and terminal. This sector key is now used in the data carrier for deriving the secret session key in suitable fashion.
For deriving the secret session key of the data carrier, several session parameters can of course also be employed, i.e. for example a random number and a terminal parameter.
According to a preferred embodiment, the public group key is determined by means of exponentiation of a specified primitive root with the secret group key. The original secret key is then formed in this embodiment by multiplication of the secret group key by a first random number. Finally, a first base of the data carrier is formed by means of exponentiation of the primitive root with the reciprocal of the first random number.
A secret session key of the data carrier is then determined, if necessary, by means of multiplication of the current secret key by a session parameter. A session base is determined by the data carrier by means of exponentiation of the first base with the reciprocal of the session parameter. Like the computation of a secret session key, the computation of a session base serves to prepare a further carrying out of the authentication method. The session parameter can, as mentioned, be specified for example by a second random number or in dependence on a parameter of the terminal device. The secret key of the data carrier is then replaced by the secret session key of the data carrier in the described way. In the same way the first base is replaced by the session base, i.e. the value of the first base is replaced by the value of the session base. Thus, the first base of the data carrier can also be regarded as session-specific, like the secret key.
The first base, i.e. its current value, is made available to the terminal device by the data carrier, being for example sent thereto or held in freely readable fashion.
The terminal device then determines its public session key by means of exponentiation of the first base made available by the data carrier, with the secret session key of the terminal device. The secret session key of the terminal device is respectively generated in session-specific fashion by said device.
Finally, the terminal device sends the public session key, determined as described, to the data carrier.
Thus, the data necessary for agreeing on the communication key are exchanged between the data carrier and the terminal device. The data carrier computes the communication key for its part by means of exponentiation of the received public session key of the terminal device with its own secret key. The terminal device determines the communication key for its part by means of exponentiation of the public group key, i.e. the public key of the data carrier, with the terminal device's own secret session key.
Subsequently—or alternatively before the agreement on the communication key—the terminal device can check the public key of the data carrier, i.e. the public group key, by means of the certificate made available therefor by the data carrier, as mentioned, according to this embodiment as well.
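The following worked example is added here as an illustration and is not code from the patent or from any product implementing it. It carries the preferred embodiment above (personalization with a first random number, session-specific secret key and base, the terminal's public session key, and both sides' computation of the communication key) through with concrete arithmetic, and also exercises the session-parameter rotation described for the two alternative embodiments. Assumptions not found in the text: a toy safe prime P = 2Q + 1 with a generator G of the prime-order subgroup of order Q (the text speaks of a primitive root; a prime-order subgroup is used here so that every "reciprocal" is simply the modular inverse of the exponent modulo Q), an Issuer role that holds the secret group key and performs personalization, and the class and function names. Certificate verification of the public group key is not modelled.

```python
import secrets

# Toy group parameters, constructed for illustration only and far too small for
# real use. P is a safe prime (P = 2*Q + 1) and G = 4 generates the subgroup of
# prime order Q, so every nonzero exponent has an inverse modulo Q. The
# "reciprocal" of a random number in the text is that inverse, taken modulo
# the group order Q (not modulo P).
P = 1019
Q = 509
G = 4


def rand_exponent():
    """Uniform random exponent in [1, Q-1]: a random number or session parameter."""
    return 1 + secrets.randbelow(Q - 1)


class Issuer:
    """Assumed issuer role: holds the group key pair. The secret group key stays
    here and is never written to a data carrier."""

    def __init__(self):
        self.sk_group = rand_exponent()
        self.pk_group = pow(G, self.sk_group, P)   # public group key = G^sk_group

    def personalize(self):
        """Personalization: derive a carrier's initial secret key and first base
        from the secret group key with a fresh first random number r1."""
        r1 = rand_exponent()
        sk = (self.sk_group * r1) % Q              # secret key = sk_group * r1
        base = pow(G, pow(r1, -1, Q), P)           # first base = G^(1/r1)
        return DataCarrier(self.pk_group, sk, base)


class DataCarrier:
    """State stored on the carrier: public group key, current secret key, current base."""

    def __init__(self, pk_group, sk, base):
        self.pk_group = pk_group   # identical for every carrier of the group
        self.sk = sk               # session-specific secret key
        self.base = base           # session-specific base, made freely readable

    def communication_key(self, pk_terminal_session):
        # (public session key of the terminal)^(own current secret key)
        return pow(pk_terminal_session, self.sk, P)

    def rotate(self, session_param=None):
        """Replace secret key and base by session values derived with a session
        parameter s: a fresh random number generated here, or a value made
        available by the terminal (the sector-key variant in the text)."""
        s = session_param if session_param is not None else rand_exponent()
        self.sk = (self.sk * s) % Q                    # secret session key = sk * s
        self.base = pow(self.base, pow(s, -1, Q), P)   # session base = base^(1/s)
        # s is not retained, so the previous secret key cannot be reconstructed
        # from the state that remains on the carrier.


class Terminal:
    def session(self, carrier_base, pk_group):
        """Terminal side of one session: returns (public session key,
        communication key); the secret session key sk_t is fresh per session."""
        sk_t = rand_exponent()
        pk_t = pow(carrier_base, sk_t, P)   # public session key = base^sk_t
        key = pow(pk_group, sk_t, P)        # communication key = pk_group^sk_t
        return pk_t, key


def run_session(carrier, terminal):
    """One full run: the terminal reads the carrier's base and the public group
    key, the carrier receives the terminal's public session key, both derive the
    communication key, and the carrier then rotates its state for the next run."""
    pk_t, key_terminal = terminal.session(carrier.base, carrier.pk_group)
    key_carrier = carrier.communication_key(pk_t)
    carrier.rotate()
    return key_carrier, key_terminal


if __name__ == "__main__":
    issuer = Issuer()
    carrier = issuer.personalize()
    terminal = Terminal()
    for _ in range(3):
        k_c, k_t = run_session(carrier, terminal)
        print("keys agree:", k_c == k_t, "readable base now:", carrier.base)
```

Why the two sides agree: the carrier computes (base^sk_t)^sk = G^(sk_t * sk_group * r1 / r1) = G^(sk_group * sk_t), and the terminal computes pk_group^sk_t = G^(sk_group * sk_t). Rotation multiplies the exponent by s and raises the base to 1/s, so base^sk stays equal to the public group key while both stored values change; that is the invariant that lets every later session still succeed against the unchanged group public key, and it is a cheap self-check to run on the carrier state after each rotation.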